summaryrefslogtreecommitdiffstats
path: root/Lib/email/_parseaddr.py
diff options
context:
space:
mode:
Diffstat (limited to 'Lib/email/_parseaddr.py')
-rw-r--r--Lib/email/_parseaddr.py11
1 files changed, 10 insertions, 1 deletions
diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py
index cdfa372..41ff6f8 100644
--- a/Lib/email/_parseaddr.py
+++ b/Lib/email/_parseaddr.py
@@ -379,7 +379,12 @@ class AddrlistClass:
aslist.append('@')
self.pos += 1
self.gotonext()
- return EMPTYSTRING.join(aslist) + self.getdomain()
+ domain = self.getdomain()
+ if not domain:
+ # Invalid domain, return an empty address instead of returning a
+ # local part to denote failed parsing.
+ return EMPTYSTRING
+ return EMPTYSTRING.join(aslist) + domain
def getdomain(self):
"""Get the complete domain name from an address."""
@@ -394,6 +399,10 @@ class AddrlistClass:
elif self.field[self.pos] == '.':
self.pos += 1
sdlist.append('.')
+ elif self.field[self.pos] == '@':
+ # bpo-34155: Don't parse domains with two `@` like
+ # `a@malicious.org@important.com`.
+ return EMPTYSTRING
elif self.field[self.pos] in self.atomends:
break
else:
generated by cgit v0.12 at 2025-02-19 23:59:29 (GMT)